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DETAILED ACTION 
Response to Arguments 

1 . Applicant's arguments filed December 18, 2007 have been fully considered but 
they are not persuasive. 

2. With regards to the objections to the information disclosure statement. Not all 
copies of foreign patens have been received and not all English language abstracts 
have been received. 

3. The objections to the specification have been withdrawn. 

4. With regards to the rejections of claims 30 - 33, 37 - 40 and 44, Guthrie teaches 
all the limitations of the newly amended claims. Guthrie discloses capturing 
communication data and using that communication data to determine when the number 
of login failures exceeds a certain number. Guthrie disclosing keeping an audit trail of 
each login attempt including date and timestamps (column 13, lines 46-48) is the same 
as capturing communication data. This login information is used to ensure security 
(column 13, lines 62-63) and keep track if the number of login failures exceeds a 
predetermined amount (column 8, lines 10-12). 

5. With regards to rejections of claims 93 - 96, 99 - 102, and 105, Rowland teaches 
capturing communication data communicated in the network wherein the communicated 
data is associated with a first and second user. The user profile created for each user 
captures login times each time the user logs on (column 5, lines 21-30). 

6. With regards to rejections of claims 1 1 1 - 1 1 5, 1 1 9 - 123 and 127, Rowland 
teaches determining a second login time for the client based on communication data 
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captured from the network. Rowland teaches setting the clients allowed login time 
based on the clients history of login times which is collected from communications on 
the network (column 5, lines 21-30). 

7. With regards to rejections of claims 72 - 75, 79 - 82 and 86, Royer teaches 
capturing communications data of a login session communicated in a network, and 
monitoring user logoff and session expiration based on the captured data. Royer 
teaches that a timestamp is recorded each time an activity is performed and uses that 
information to determine when there is a session expiration (pages 6-7, paragraph 67). 
Royer also discloses using the command data to determine when the user wants to 
logoff (page 7, paragraph 69). 

Information Disclosure Statement 

8. The information disclosure statement filed August 12, 2004 fails to comply with 
37 CFR 1.98(a)(2), which requires a legible copy of each cited foreign patent document; 
each non-patent literature publication or that portion which caused it to be listed; and all 
other information or that portion which caused it to be listed. It has been placed in the 
application file, but the information referred to therein has not been considered. 

9. The information disclosure statement filed August 12, 2004 fails to comply with 
37 CFR 1 .98(a)(3) because it does not include a concise explanation of the relevance, 
as it is presently understood by the individual designated in 37 CFR 1.56(c) most 
knowledgeable about the content of the information, of each patent listed that is not in 
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the English language. It has been placed in the application file, but the information 
referred to therein has not been considered. 

1 0. The text of those sections of Title 35, U.S. Code not included in this action can 
be found in a prior Office action. 

Claim Rejections - 35 USC § 102 

11. Claims 30 - 33, 37-40 and 44 are rejected under 35 U.S.C. 102(b) as being 
anticipated by R. Scott Guthrie et al's US Patent 6,161,185. 

12. Referring to claims 30, 37 and 44, Guthrie teaches: 

a. Determining if the user login was a success or failure (column 7, lines 39- 
45). 

b. Capturing communication data communicated in a network connecting a 
server application and a client (column 13, lines 46-48). 

c. Monitoring user login failures between the server application and the client 
during a predetermined time (column 8, lines 10-12). 

d. Detecting whether the number of user login failures (column 8, lines 10- 
12) exceeds a predetermined number(column 8, lines 37-40). 

13. Referring to claims 31 and 38, Guthrie teaches that the network may be a local 
area network (column 5, lines 4-5). 

14. Referring to claims 136 and 138, Guthrie teaches that the communications data 
contains a session identifier that identifies a session established between the server 
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and the client, wherein monitoring includes identifying communication data containing 
the session identifier (column 13, lines 49-50). 

15. Claims 72 - 75, 79 - 82 and 86 are rejected under 35 U.S.C. 102(b) as being 
anticipated by Barry Royer et al's US Publication 2002/0135612 A1. 

16. Referring to claims 72, 79 and 86, Royer teaches: 

e. Capturing communication data of a login session communicated in a 
network connecting a server application and a client (pages 6-7, paragraph 67) 

f. Monitoring user logoff between the server application and the client based 
on the captured communication data (page 7, paragraph 69). 

g. Monitoring automatic session expiration between the server application 
and the client based on the captured communication data (pages 6-7, paragraph 
67). 

h. Determining whether the client completes logoff before the session 
automatically expires (page 7, paragraph 69). 

17. Referring to claims 73, and 80, Royer teaches that the network can be a Wide 
Area Network or a Local area network (page 4, paragraph 34). 

1 8. Referring to claims 74 and 81 , Royer teaches that the information may be passed 
using Hypertext Transmission Protocol (page 2, paragraph 23). 

19. Referring to claims 75 and 82, Royer teaches that HTTP may be the 
communication method (page 2, paragraph 23). It is inherent that this would involve 
both HTTP requests and responses. , 
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20. Referring to claims 140 and 142, Royer teaches that the communications data 
contains a session identifier that identifies a session established between the server 
and the client, wherein monitoring includes identifying communication data containing 
the session identifier (page 7, paragraph 68). 

21. Claims 93-96, 99- 102, 105, 111 - 115, 119- 123, and 127 are rejected under 
35 U.S.C. 102(b) as being anticipated by Craig Rowland's US Patent 6,405,318 B1. 

22. Referring to claims 93, 99 and 105, Rowland teaches: 

i. Capturing communication data communicated in a network connecting a 
server application and at least one client, wherein the captured communication 
data is associated with first and second user login sessions for first and second 
users, respectively, of the server application (column 5, lines 21-30). 
j. Monitoring the captured communication data associated with the first and 
second user login sessions (column 5, lines 27-30). 

k. Determining whether the second user login session occurs during the first 
user login session when the user of the first and second login session are 
identical (column 5, lines 10-11). 

23. Referring to claims 94 and 100, Rowland teaches notifying the controller if 
abnormal activity is detected (column 3, lines 44-46). 

24. Referring to claims 95 and 101 , Rowland teaches that the information transfer 
takes place over a network (column 2, line 64). Rowland also teaches intrusion into 
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(corresponding to the recited login) different network environments (column 1 , lines 11- 
20). 

25. Referring to claims 96 and 102, Rowland teaches that the users have File 
Transfer Protocol services, Simple Mail Transfer Protocol services and HTTP services 
(column 6, lines 31-35). 

26. Referring to claims 111,119, and 127, Rowland teaches: 

I. Designating a first login time for a client as a disallowed login time 
(column 4, lines 55-56). It is inherent from determining the allowed hours that the 
disallowed hours are also known. 

m. Determining a second login time for the client in communication data with 
a server application based on communication data captured from a network 
connecting the server application and the client (column 5, lines 21-30). 
n. Determining whether the second login time matches the first login time 
(column 5, lines 28-30). 

o. If the first and second login times match, indicating that the client in data 
communication with the server application is logging in at a disallowed login time 
(column 5, liens 28-30). 

27. Referring to claims 112 and 120, Rowland teaches notifying, or alerting the 
controller if the user is logged on at a disallowed time (column 5, lines 28-30). 

28. Referring to claims 113, and 121 , Rowland teaches that the information transfer 
takes place over a network (column 2, line 64). He also teaches that this invention is to 
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solve a problem with connectivity in intranet environments (column 1, lines 11-12). 
Intranet inherently includes a local area network. 

29. Referring to claims 1 14, and 122, Rowland teaches that the users have File 
Transfer Protocol services, Simple Mail Transfer Protocol services and HTTP services 
(column 6, lines 31-35). 

30. Referring to claims 1 15 and 123, Rowland teaches that the users are equipped to 
handle HTTP requests (column 6, line 35). 

31 . Referring to claims 144, 146, 148, and 150, Rowland teaches that the 
communications data contains a session identifier that identifies a session established 
between the server and the client, wherein monitoring includes identifying 
communication data containing the session identifier (column 4, lines 52-53). 

Claim Rejections - 35 USC § 103 

32. Claims 32, 33, 39, and 40 are rejected under 35 U.S.C. 1 03(a) as being 
unpatentable over Guthrie, and further in view of Stephen F Bisbee et al's US 
Publication 2002/0184217 A1. Guthrie discloses all the limitations of the parents claim, 
as well as that the network is connected through the Internet (column 5, lines 2-4). 
Guthrie does not appear to explicitly disclose using Hypertext Transfer Protocols. 
However, Bisbee discloses that when connecting through the Internet that HTTP is a 
convenient protocol (page 1 , paragraph 2). Guthrie and Bisbee are analogous art 
because they are from the same field of endeavor, user authentication. At the time of 
the invention, it would have been obvious to one of ordinary skill in the art, having the 
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teachings of Guthrie and Bisbee before him or her, to modify Guthrie to include HTTP 
protocol of Bisbee. The motivation for doing so would have been that it is a convenient 
protocol for communication over the Internet (page 1, paragraph 2). 

33. Claims 135 and 137 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Guthrie, and further in view of Nemovicher US Publication 2002/0007453 A1. 
Guthrie discloses all the limitations of the parent claims. Guthrie does not explicitly 
disclose making a copy of the communications data. However, Nemovicher discloses 
creating a backup and archive storage to preserve data from the LAN (page 4, 
paragraph 45). Guthrie and Nemovicher are analogous art because they are from the 
same field of endeavor, user security. At the time of the invention, it would have been 
obvious to one of ordinary skill in the art, having the teachings of Guthrie and 
Nemovicher before him or her, to modify the system of Guthrie to include the backup of 
Nemovicher. The suggestion/motivation for doing so would have been to preserve data 
from the LAN (page 4, paragraph 45). 

34. Claims 139 and 141 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Royer, and further in view of Nemovicher US Publication 2002/0007453 A1. Royer 
discloses all the limitations of the parent claims. Royer does not explicitly disclose 
making a copy of the communications data. However, Nemovicher discloses creating a 
backup and archive storage to preserve data from the LAN (page 4, paragraph 45). 
Royer and Nemovicher are analogous art because they are from the same field of 
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endeavor, user security. At the time of the invention, it would have been obvious to one 
of ordinary skill in the art, having the teachings of Royer and Nemovicher before him or 
her, to modify the system of Royer to include the backup of Nemovicher. The 
suggestion/motivation for doing so would have been to preserve data from the LAN 
(page 4, paragraph 45). 

35. Claims 143, 145, 147, and 149 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Rowland, and further in view of Nemovicher US Publication 
2002/0007453 A1. Rowland discloses all the limitations of the parent claims. Rowland 
does not explicitly disclose making a copy of the communications data. However, 
Nemovicher discloses creating a backup and archive storage to preserve data from the 
LAN (page 4, paragraph 45). Rowland and Nemovicher are analogous art because they 
are from the same field of endeavor, user security. At the time of the invention, it would 
have been obvious to one of ordinary skill in the art, having the teachings of Rowland 
and Nemovicher before him or her, to modify the system of Rowland to include the 
backup of Nemovicher. The suggestion/motivation for doing so would have been to 
preserve data from the LAN (page 4, paragraph 45). 

Conclusion 

36. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
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§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to CORDELIA KANE whose telephone number is 
(571)272-7771. The examiner can normally be reached on Monday - Thursday 8:00 - 
5:00 EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 



Application/Control Number: 10/785,584 



Page 12 



Art Unit: 2132 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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